
Unable to do a proper NAT from AWS Cisco ASA


Hello All,


I am in need of some help. I have set up a Cisco ASA on AWS and I have a VPN connecting to the other side for my customer. The VPN established successfully, but I cannot route my inside EC2 instance to the internet through the ASA.


I did try to put in a NAT statement such as

nat (inside,outside) source static inside_interface interface no-proxy-arp


This works for my EC2 instance to go to the internet, but then the tunnel won't come up.

I don't know what correct NAT statement works on an AWS Cisco ASA.


Can anyone help me determine the correct NAT statement for this? I have attached the configuration I have used for my VPN tunnel WITHOUT NAT right now, as both VPN tunnels are doing NAT-T.

15 Replies

@Rob Ingram mentioned that you must use manual NAT. Why?

Because NAT is ordered:

Manual NAT

Then auto NAT

The issue here is that auto NAT is checked in the order you configure it. Since you configured auto NAT after some other, the other auto NAT affects the traffic.

Return to @Rob Ingram's comment above.
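
The manual-NAT-first ordering discussed in this thread, as an added configuration sketch that is not taken from the original poster's attached configuration or from any reply. The object names, subnets and test addresses are placeholders (assumptions); substitute the real VPC range and the customer's encryption domain.

```cisco
! Added example. Object names and subnets are placeholders, not from the thread.
object network LOCAL-VPC
 subnet 10.0.0.0 255.255.0.0
object network CUSTOMER-NET
 subnet 192.168.50.0 255.255.255.0
!
! Section 1 (manual NAT) is evaluated first. This identity NAT leaves
! VPN-bound traffic untranslated, so it still matches the crypto ACL.
nat (inside,outside) source static LOCAL-VPC LOCAL-VPC destination static CUSTOMER-NET CUSTOMER-NET no-proxy-arp route-lookup
!
! Section 2 is auto (object) NAT, if any is configured.
!
! Section 3 (manual NAT with after-auto) is evaluated last. Everything else
! from the inside range is PATed to the outside interface address.
nat (inside,outside) after-auto source dynamic LOCAL-VPC interface
!
! Check the resulting rule order and hit counts, then trace one flow of each kind.
show nat detail
packet-tracer input inside tcp 10.0.0.10 12345 192.168.50.10 443
packet-tracer input inside tcp 10.0.0.10 12345 8.8.8.8 443
```

In the `packet-tracer` output, the flow to the customer network should match the identity rule in section 1 and the flow to the internet should match the dynamic PAT rule in section 3.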
